Software license audits: Avoid SAP, rent-a-center brouhaha

When your company contracts with an enterprise applications vendor for a fixed number of software licenses for your users, it behooves you to carefully monitor that usage at all times.

Rent-A-Center (RAC) is currently experiencing the pain that comes when a company may not be doing enough license monitoring. The rent-to-own chain sued SAP recently after receiving an unexpected $9 million bill from SAP for excess use of its Business Objects analytics software, according to IDG News Service. In the lawsuit, RAC argues it doesn't owe SAP any extra fees because SAP improperly interpreted the original license agreement. RAC has been using Business Objects since mid-2005, some two years before SAP acquired the BI software vendor.

In a counterclaim, SAP argues that an audit conducted earlier this year of RAC's systems discovered the company had "over-deployed the software, including running CPUs and Named Users greater than those licensed," IDGNS reported. That excess usage for licenses and maintenance fees adds up to about $9 million, SAP alleges.

"In many cases vendors will have an annual audit policy" to ensure that enterprise licensing agreements are being adhered to by customers, she says. "They'll come in once a year to audit it, not to create penalties but to adjust contracts if higher or lower usage is required."

Most of the time, companies have a good idea of how many employees are using the applications because they know how many workers need access, she says. "Vendors will put those numbers in place as they do their audits, and then they can say, 'oh, your usage is up, so we'll adjust your licenses.'"

This kind of language is definitely something an IT leader needs to demand long before a sales and service contract is ever signed with an enterprise applications vendor, Kemsley says. "You need to know what they mean. You need to know what constitutes the actual use of a license. And you also need to have some way of measuring how many of your users are actually using it so that you can keep track of it."

It's something every enterprise should make part of their normal procedures, especially if you have purchased a limited number of licenses rather than an all-you-can-eat enterprise license, she says. "If you have an enterprise license, then maybe you don't care about it as much."

Good business practices dictate that from an organizational standpoint, someone in your company has to be responsible for gathering and carefully following the number of licenses you purchased and the number of users you are serving. "You should be asking, 'how many do we have to use?'"

There are several steps to take to ensure good software license management practices, Kemsley says:

* Put good monitoring practices in place using the features that are often built into enterprise applications, depending on the app.

"If you have software that monitors how many users log on, then in that case you know how many users you have," Kemsley says. "You probably know how many concurrent users you have, too. Any software that licenses on a concurrency basis would have some way of watching that."

If your software license is set up for specific named users, then that's something you have to watch more carefully on your own. "That becomes a responsibility of the systems administrator," she says.

"[All of this] information is not just for the legal team to know," according to Kemsley. "It's also for the people who administer the applications, too, because they are the ones who watch it for compliance."

It's critical that there is a clear path of communications between the systems administrator and whoever signs the vendor contract to be sure the terms are being met so that disputes can be avoided. "That way the systems administrator understands it and then they know how many licenses that they have to play with," Kemsley says.

"It's no longer just about software installed directly on computers anymore," she says. "Obviously as we move to more cloud-based and Web-based enterprise applications from vendors, they're going to automatically keep track of what your employees are using. Then the whole license compliance problem goes away."

These kinds of license disputes were less common 30 years ago, Kemsley says, when companies would license and receive only a certain number of software installation keys for their users. Those keys would be installed to allow the use of an application for only one specific user. "It was a huge hassle for customers, who would often complain, and eventually vendors took it away," she says. "But it kept clear count of licenses and users."

One other key factor has also really changed in the world of software licensing in recent years, according to Kemsley. Enterprise software contracts between vendors and customers today come with an implied degree of trust, as a result applications can easily be installed for just about any users. That means disputes such as the case involving RAC and SAP could happen more often, she says.

It's not too difficult to see how these kinds of things can happen, she says. "SAP is just wildly popular in the enterprise and people inside companies look at it and see how it can give them useful information to do their jobs. So it just spreads like wildfire in an organization because people don't always think about whether they are violating their licensing agreements. This can happen quickly in an enterprise."

That's where careful and constant monitoring can prevent problems.

"Somebody [in the RAC case] had to know if they were violating their licenses," Kemsley says. "But the question is who knew it, and were they watching over it?"

Todd R. Weiss covers Enterprise Applications, SaaS, CRM, and Cloud Computing for CIO.com. Follow Todd on Twitter @TechManTalking. Follow everything from CIO.com on Twitter @CIOonline and on Facebook. Email Todd at tweiss@cio.com You can also join Todd in the "CIO Forum" group on LinkedIn.com to talk with CIOs and IT managers about the things that keep them up at night.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.